HashiCorp Certified: Vault Associate
Last Update May 18, 2024
Total Questions : 200
We are offering FREE VA-002-P HashiCorp exam questions. All you do is to just go and sign up. Give your details, prepare VA-002-P free exam questions and then go for complete pool of HashiCorp Certified: Vault Associate test questions that will help you more.
Select two answers to complete the following sentence:
Before a new provider can be used, it must be ______ and _______.
What is the proper command to enable the AWS secrets engine at the default path?
You've decided to use AWS KMS to automatically unseal Vault on private EC2 instances. After deploying your Vault cluster, and running vault operator init, Vault responds with an error and cannot be unsealed.
You've determined that the subnet you've deployed Vault into doesn't have internet access. What can you do to enable Vault to communicate with AWS KMS in the most secure way?
After running into issues with Terraform, you need to enable verbose logging to assist with troubleshooting the error. Which of the following values provides the MOST verbose logging?
To prepare for day-to-day operations, the root token should be safety saved outside of Vault in order to administer Vault
An application is trying to use a secret in which the lease has expired. What can be done in order for the application to successfully request data from Vault?
From the options below, select the benefits of using a batch token over a service token. (select three)
In order to extend a Consul storage backend, Consul nodes should be provisioned across multiple data centers or cloud regions.
True or False:
Once you create a KV v1 secrets engine and place data in it, there is no way to modify the mount to include the features of a KV v2 secrets engine.
When administering Vault on a day-to-day basis, why is logging in with the root token, as shown below, a bad idea? (select two).
Which flag would be used within a Terraform configuration block to identify the specific version of a provider required?
Given the policy below, what would the user be able to access?
1. path "*" {
2. capabilities = ["create", "update", "read", "list", "delete", "sudo"]
3. }
Using multi-cloud and provider-agnostic tools provides which of the following benefits? (select two)
From the code below, identify the implicit dependency:
1. resource "aws_eip" "public_ip" {
2. vpc = true
3. instance = aws_instance.web_server.id
4. }
5. resource "aws_instance" "web_server" {
6. ami = "ami-2757f631"
7. instance_type = "t2.micro"
8. depends_on = [aws_s3_bucket.company_data]
9. }
True or False:
Multiple providers can be declared within a single Terraform configuration file.
When using providers that require the retrieval of data, such as the HashiCorp Vault provider, in what phase does Terraform actually retrieve the data required?
Which of the following policies would permit a user to generate dynamic credentials on a database?
Environment variables can be used to set variables. The environment variables must be in the format "____"_
Your organization is running Vault open source and has decided it wants to use the Identity secrets engine. You log into Vault but are unable to find it in the list to enable. What gives?
After issuing the command to delete a secret, you run a vault kv list command but the secret still exists. What command would permanently delete this secret from Vault?
1. $ vault kv delete kv/applications/app01
2. Success! Data deleted (if it existed) at: kv/applications/app01
3. $ vault kv list kv/applications
4. Keys
5. ----
6. app01
Your organization has moved to AWS and has manually deployed infrastructure using the console. Recently, a decision has been made to standardize on Terraform for all deployments moving forward.
What can you do to ensure that all existing is managed by Terraform moving forward without interruption to existing services?
While Terraform is generally written using the HashiCorp Configuration Language (HCL), what another syntax can Terraform be expressed in?
TESTED 18 May 2024
